Carolyn Morgan usually doesn’t check her text messages late in the evening, but one evening in January, she did.
A new message from her phone provider, Rogers, came as a surprise.
“I read it twice,” Morgan told Global News.
Then, she said, something clicked. Something wasn’t right.
The message read: “Rogers has received a request to transfer your phone number to another Service Provider. If you did not authorize, contact Rogers urgently…” and went on to provide a toll-free telephone number.
The Toronto woman says she hadn’t made any request to transfer her number, a practice known in the wireless industry as porting.
Typically, porting occurs when a wireless customer wants to switch phone providers but wishes to keep their existing phone number.
Following instructions on the text, Morgan immediately called Rogers to tell the company she hadn’t placed an order. She says she waited on hold for 24 minutes before her line died.
“That’s when I realized, ‘oh, there’s no phone service,'” she said.
At that moment, her number had been switched. A scammer, with the unintended aid of her phone company, had seized her number.
When the line went dead, she logged onto Rogers’ chat service and reported the unauthorized switch to a Rogers agent, who confirmed the line had been ported.
Morgan says the agent promised the company would try to get it back.
But it took about 20 hours before Rogers restored her number. She says she had to call the company a second time to remind them.
In that period, she says cyber-thieves were able to use her phone account to change her email passwords and access her banking information. A credit card company reported an unauthorized $700 purchase.
With access to her phone number and the ability to receive and send messages on it, thieves could override what’s known as two-factor authentication used to secure accounts.
Two-factor authentication allows a consumer to receive a text message with a code to prove they are the authorized account holder.
At one point, Morgan says she was attempting to restore an email account while the scammer was also using it and looting personal information.
“It’s the creepiest thing,” Morgan told Global News in an interview.
She’s one of a growing number of Canadians to fall victim to this kind of scam, one Canada’s wireless industry says it’s trying to wrestle with.
“Unfortunately, there are criminals who are using illegally-obtained personal data to defraud consumers in a variety of ways and across industries,” said a spokesperson for the Canadian Wireless Telecommunications Association, also known as the CWTA.
“Unauthorized phone number transfers are one example.”
Rogers told Global News it is attempting to guard against fraud involving customers’ accounts.
“We take protecting our customers’ personal information very seriously, and as fraudsters evolve their tactics, we work with other carriers to continually strengthen processes to prevent unauthorized porting, including new protections put in place this past fall,” a spokesperson said in a written statement.
In 2008, the Canadian Radio-television and Telecommunications Commission (CRTC) stated that wireless carriers should carry out number porting within two and a half hours.
A customer service representative who spoke to Morgan by phone in the presence of Global News said it was not the company’s responsibility to compensate customers who suffered a financial loss for fraud. Nor would the representative agree to offer her identity theft monitoring, which is frequently provided to credit and loyalty card customers whose accounts are hacked.
Morgan says she feels let down by Rogers, which she says ought to have acted more carefully before allowing her number to be given to a scammer.
“They handed the fraudsters the keys to the kingdom by not double or triple-checking…to make sure I requested the port, that’s what frustrated me the most.”